Yao, Jiewen [Mon, 11 Jan 2016 05:18:32 +0000 (05:18 +0000)]
SecurityPkg: Clear AuthSession content after use.
Some commands in Tpm2CommandLib accept AuthSession
as input parameter and copy to local command buffer.
After use, this AuthSession content should be zeroed,
because there might be some secrete there.
Yao, Jiewen [Mon, 11 Jan 2016 05:12:31 +0000 (05:12 +0000)]
SecurityPkg: MOR drivers use Tcg2Protocol instead of TrEE.
The official TCG standard uses Tcg2Protocol, instead of TrEE.
We should update TCG driver to use Tcg2Protocol, too.
TrEE should be used only for old TrEE implementation.
Ruiyu Ni [Mon, 11 Jan 2016 02:29:09 +0000 (02:29 +0000)]
MdeModulePkg: Fix GraphicsConsole driver resolution out of sync issue
When the GOP doesn't support the resolution specified by
PcdVideoHorizontalResolution and PcdVideoVerticalResolution,
the code tries to set the resolution to 800x600 but uses the resolution
equals to the PCD when calculating the text print position.
The patch fixes the bug by updating the resolution to 800x600 for
this case.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19630 6f19259b-4bc3-4df7-8a09-765794883524
When overriding compiler options '/GL' with '/GL-', VS2010 will report
warning C4701 potentially uninitialized local variable for 'LcrParity'
and 'LcrStop' in function SerialPortSetAttributes().
When overriding compiler options '/GL' with '/GL-', VS2010 will report
warning C4701 potentially uninitialized local variable for 'LcrParity'
and 'LcrStop' in function SerialPortSetAttributes().
Change EfiBootManagerDeleteLoadOptionVariable() to not just
remove #### from BootOrder but also remove Boot#### variable.
The old behavior tries to do less for performance but it leaves
unreferenced Boot#### which cannot be reclaimed in variable
reclaim operation though the Boot#### will be eventually be overwritten
by EfiBootManagerAddLoadOptionVariable().
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19626 6f19259b-4bc3-4df7-8a09-765794883524
Fu Siyuan [Fri, 8 Jan 2016 02:21:25 +0000 (02:21 +0000)]
MdeModulePkg: update SNP.GetStatus to handle multiple recycled TX buffer.
This patch fixes a bug in SNP.GetStatus() interface. The UNDI driver may return
multiple transmitted buffers in a single GetStatus command, while SNP.GetStatus
could only return one pointer each time, the rest of them are lost. This patch
fixes this issue by store these recycled pointer in a temporary buffer in SNP
driver.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19623 6f19259b-4bc3-4df7-8a09-765794883524
Remove GPIO expander configuration actions that are now performed in
PEI Phase in PlatformInit module. In order to detect physical presence
only the state of the Reset Button needs to be read.
Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19621 6f19259b-4bc3-4df7-8a09-765794883524
Configure GPIO expander in PEI phase
1) Configure all GPIO expander pins connected to Reset Button as inputs
2) Configure multiplexer for I2C to route I2C bus to Arduino Header
Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19620 6f19259b-4bc3-4df7-8a09-765794883524
Michael Kinney [Thu, 7 Jan 2016 22:43:11 +0000 (22:43 +0000)]
QuarkPlatformPkg/PlatformHelperLib: Move PCAL functions for PEI use
The functions used to manage the PCAL GPIO I2C expander are located
in a DXE specific source file. Move these functions to a source
file that is common to both the PEI and DXE versions of this library
so these GPIO pins can be managed from PEIMs.
Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19619 6f19259b-4bc3-4df7-8a09-765794883524
Michael Kinney [Thu, 7 Jan 2016 22:31:13 +0000 (22:31 +0000)]
QuarkPlatformPkg/PlatformInit: Adjust memory bin size to avoid reboot
Update memory bin sizes in Memory Type Information on first boot after
FLASH update to avoid reboot when memory bins are too small when all
features are enabled.
Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19618 6f19259b-4bc3-4df7-8a09-765794883524
Michael Kinney [Thu, 7 Jan 2016 22:24:22 +0000 (22:24 +0000)]
SecurityPkg/Tcg: Fix debug messages
Debug messages are using a format strings with %s for
a Unicode string, but the strings being printed are
ASCII strings and this results in corrupted debug
messages. Change the the format string to use %a
instead of %s.
Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19617 6f19259b-4bc3-4df7-8a09-765794883524
Laszlo Ersek [Thu, 7 Jan 2016 18:48:17 +0000 (18:48 +0000)]
OvmfPkg: execute option ROM images regardless of Secure Boot
Change the image verification policy for option ROM images to 0x00
(ALWAYS_EXECUTE).
While this may not be a good idea for physical platforms (see e.g.
<https://trmm.net/Thunderstrike>), on the QEMU platform the benefits seem
to outweigh the drawbacks:
- For QEMU's virtual PCI devices, and for some assigned PCI devices, the
option ROMs come from host-side files, which can never be rewritten from
within the guest. Since the host admin has full control over a guest
anyway, executing option ROMs that originate from host-side files
presents no additional threat to the guest.
- For assigned physical PCI devices with option ROMs, the argument is not
so clear-cut. In theory a setup could exist where:
- the host-side UEFI firmware (with DENY_EXECUTE_ON_SECURITY_VIOLATION)
rejects the option ROM of a malicious physical PCI device, but
- when the device is assigned to the guest, OVMF executes the option ROM
in the guest,
- the option ROM breaks out of the guest (using an assumed QEMU
vulnerability) and gains QEMU user privileges on the host.
However, in order to escalate as far as it would happen on the bare
metal with ALWAYS_EXECUTE (i.e., in order to gain firmware-level access
on the host), the malicious option ROM would have to break through (1)
QEMU, (2) traditional UID and GID based privilege separation on the
host, (3) sVirt (SELinux) on the host, (4) the host OS - host firmware
boundary. This is not impossible, but not likely enough to discourage
the use cases below.
- This patch makes it possible to use unsigned iPXE network drivers that
QEMU presents in the option ROMs of virtual NICs and assigned SR-IOV
VFs, even if Secure Boot is in User Mode or Deployed Mode.
- The change also makes it possible to execute unsigned, outdated
(revoked), or downright malicious option ROMs of assigned physical
devices in guests, for corporate, entertainment, academia, or security
research purposes.
Laszlo Ersek [Thu, 7 Jan 2016 18:48:13 +0000 (18:48 +0000)]
OvmfPkg: inherit Image Verification Policy defaults from SecurityPkg
Secure Boot support was originally addded to OvmfPkg on 2012-Mar-09, in
SVN r13093 (git 8cee3de7e9f4), titled
OvmfPkg: Enable secure-boot support when SECURE_BOOT_ENABLE==TRUE
At that time the image verification policies in
SecurityPkg/SecurityPkg.dec were:
- option ROM image: 0x00 (ALWAYS_EXECUTE)
- removable media image: 0x05 (QUERY_USER_ON_SECURITY_VIOLATION)
- fixed media image: 0x05 (QUERY_USER_ON_SECURITY_VIOLATION)
The author of SVN r13093 apparently didn't want to depend on the
SecurityPkg defaults for the latter two image origins, plus the
ALWAYS_EXECUTE policy for option ROM images must have been deemed too lax.
For this reason SVN r13093 immediately spelled out 0x05
(QUERY_USER_ON_SECURITY_VIOLATION) within OvmfPkg for all three image
origins.
Fast forward to 2013-Aug-28: policy 0x05
(QUERY_USER_ON_SECURITY_VIOLATION) had been forbidden in the UEFI spec,
and SVN r14607 (git db44ea6c4e09) reflected this in the source code:
- The policies for the latter two image origins were switched from 0x05 to
0x04 (DENY_EXECUTE_ON_SECURITY_VIOLATION) in SecurityPkg,
- the patch changed the default policy for option ROM images too, from
0x00 (ALWAYS_EXECUTE) to 0x04 (DENY_EXECUTE_ON_SECURITY_VIOLATION),
- any other client DSC files, including OvmfPkg's, underwent a whole-sale
0x05 (QUERY_USER_ON_SECURITY_VIOLATION) -> 0x04
(DENY_EXECUTE_ON_SECURITY_VIOLATION) replacement too.
The practical result of that patch for OvmfPkg was that the explicit 0x04
settings would equal the strict SecurityPkg defaults exactly.
And that's what we have today: the "override the default values from
SecurityPkg" comments in OvmfPkg's DSC files are stale, in practice.
It is extremely unlikely that SecurityPkg would change the defaults from
0x04 (DENY_EXECUTE_ON_SECURITY_VIOLATION) any time in the future, so let's
just inherit those in OvmfPkg.
Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19613 6f19259b-4bc3-4df7-8a09-765794883524
Feng Tian [Thu, 7 Jan 2016 07:03:54 +0000 (07:03 +0000)]
MdeModulePkg/ScsiDisk: Increase the value of SCSI_DISK_TIMEOUT to 30s
As ScsiDisk and ScsiBus driver are used to manage SCSI or ATAPI devices,
the timeout value is updated to 30s to follow ATA/ATAPI spec in which
the device may take up to 30s to respond command.
The change is used to solve device compatibility issue found with a TEAC
DV-W28S-WZ3 slim DVD plus a SONY AccuCORE DVD-R media in which the DVD
spends 8s to response READ_CAPACITY cmd after resetting the host machine.
Feng Tian [Thu, 7 Jan 2016 07:03:32 +0000 (07:03 +0000)]
MdeModulePkg/Ide: return correct status when DRQ is not ready for ATAPI
When executing ATAPI cmd at IDE mode, EFI_SUCCESS may be returned wrongly
with old logic but in fact DRQ is not ready and the transaction doesn't
get executed correctly at this time.
Laszlo Ersek [Wed, 6 Jan 2016 12:34:46 +0000 (12:34 +0000)]
NetworkPkg: DnsDxe: fix return type of DnsFillinQNameForQueryIp()
Change the return type of DnsFillinQNameForQueryIp() from (UINT8*) to
(CHAR*). This brings the function in sync with both its internal variables
and all of its call sites, fixing the following gcc build breakage:
> NetworkPkg/DnsDxe/DnsImpl.c: In function 'DnsFillinQNameForQueryIp':
> NetworkPkg/DnsDxe/DnsImpl.c:1068:3: error: pointer targets in return
> differ in signedness
> [-Werror=pointer-sign]
> return QueryName;
> ^
The code was added in git commit fcae1a99 (SVN r19579).
Daryl McDaniel [Wed, 6 Jan 2016 01:00:19 +0000 (01:00 +0000)]
AppPkg/.../Python: Clean up and document how to escape the -# option.
Depending upon the version of Shell you are using, it may be necessary
to escape the '#' character, when using the "-#" command-line option, so that
the Shell doesn't interpret it as the start of a comment.
The escape character is '^'.
Example:
python -^# -V
* General updating.
* Re-format so that no line is longer than 80 char.
* Add note about escaping the "-#" command-line option.
Dandan Bi [Wed, 6 Jan 2016 00:55:12 +0000 (00:55 +0000)]
MdeModulePkg:Change the type of BootNext
Currently the invalid boot next set to the number of boot option,
when add a new boot option,also need update the boot next value,
otherwise it will be incorrect.Now set the type of BootNext value
to UINT32,the number out of the range of UINT16 means it is an
invalid BootNext Value.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19591 6f19259b-4bc3-4df7-8a09-765794883524
Daryl McDaniel [Wed, 6 Jan 2016 00:44:24 +0000 (00:44 +0000)]
StdLib: Fix IIO_Write() to return the number of bytes consumed, not characters output.
Depending upon termios settings, writing to a terminal device may result in
many more characters being output than were in the buffer provided to the
IIO_Write() function.
IIO_Write() is supposed to return the number of BYTES written, not characters.
Since the provided buffer contains MBCS characters, there can be up to three
bytes per character. Due to the expansion that may occur, "BYTES written"
is interpreted to mean the number of BYTES consumed from the MBCS buffer
provided as a parameter to IIO_Write.
These changes ensure that the correct number of characters are consumed from
the internal Output buffer and the correct number of BYTES consumed from the
buffer parameter are counted and returned.
Update copyright.
Fix some indentation and white space issues.
Improve comments for IIO_Write().
Add debugging instrumentation to count unconsumed data in the Input and Output buffers.
Modify IIO_Write() to:
Accurately count input bytes CONSUMED.
Consume only as many expanded (cooked) characters from the output buffer
as were actually sent to the device.
Daryl McDaniel [Wed, 6 Jan 2016 00:05:02 +0000 (00:05 +0000)]
StdLib: Implement da_ConFlush() and flush I/O buffers when closing a console device.
Add header file Efi/SysEfi.h
Clean up some indent issues.
Implement function da_ConFlush()
Modify da_ConClose() to flush its buffers and clean up better upon close.
Construct the console instance using the new da_ConFlush() instead of the nullop function.
Remove da_ConFlush() from the "Not implemented (yet?)" place holder.
Daryl McDaniel [Tue, 5 Jan 2016 23:46:22 +0000 (23:46 +0000)]
StdLib: Temporarily restrict compiler warnings so that sockets can be built using VS2015.
Update Copyright notice.
Add Build Options so that builds using VS2015 have the /Wv:11 options added to the CC_FLAGS.
This restricts the warnings generated by VS2015 (VC++) to just those that are produced by
version 11 of the C compiler, VS2010.
ShellPkg : Add UEFI_APPLICATION module type to UefiShellInstall1CommandsLib.inf
Using UEFI_APPLICATION for all Shell app and libraries allows the use of
different compiler flags for the Shell application itself and for other
applications that are built separately that use Shell libraries.
Ard Biesheuvel [Mon, 4 Jan 2016 09:31:42 +0000 (09:31 +0000)]
BaseTools CLANG35: use -target in PP flags as well
The Clang preprocessor may rely on builtin defines that are target
dependent, so we should add the -target argument also when invoking
the preprocessor directly.
Ard Biesheuvel [Mon, 4 Jan 2016 09:31:33 +0000 (09:31 +0000)]
BaseTools CLANG35: use linux-gnu target triplets explicitly
Since we are combining Clang with the GNU linker, make that explicit in
the target triplet. This affects certain builtin defines and other compiler
behavior that may be unspecified otherwise.
Daryl McDaniel [Mon, 4 Jan 2016 02:48:18 +0000 (02:48 +0000)]
AppPkg/Applications/Python/Python-2.7.10/*/pyconfig.h: Update pyconfig for Python 2.7.10 compliance.
Add new constants required for Python 2.7.10.
Update package and help values.
Define networking constants so that the getaddrinfo, gethostbyname, and
getnameinfo functions are used from the sockets package.
Ard Biesheuvel [Thu, 31 Dec 2015 10:47:22 +0000 (10:47 +0000)]
MdePkg/BaseLib: do not rely on undefined behavior in arithmetic shift
The runtime test whether the compiler supports arithmetic shift of
negative signed numbers currently relies on undefined behavior in C,
which means that all bets are off regarding whether the condition
that follows passes or fails, regardless of whether the compiler in
fact supports arithmetic shift or not.
Relevant quote from ISO C99 (6.5.7/4)
The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated bits
are filled with zeros. If E1 has an unsigned type, the value of the result
is E1 × 2^E2, reduced modulo one more than the maximum value representable
in the result type. If E1 has a signed type and nonnegative value, and
E1 × 2^E2 is representable in the result type, then that is the resulting
value; otherwise, the behavior is undefined.
For historic purposes, let's keep the test in place (although it is doubtful
we actually need it) but rewrite it in a way that prevents compilers from
this century from doing whacky things with it.
Star Zeng [Wed, 30 Dec 2015 05:09:16 +0000 (05:09 +0000)]
MdeModulePkg Variable: Handle ftw driver executes prior to variable driver
Variable driver uses gEdkiiFaultTolerantWriteGuid hob and copies data to NvStorageData if hob exists.
But if ftw driver executes prior to variable driver then spare block is erased.
So the patch is to enhance the code to do not check FTW last write data hob if FTW protocol has been installed.
Star Zeng [Tue, 29 Dec 2015 09:00:58 +0000 (09:00 +0000)]
MdeModulePkg Variable: ###VariableTotalSize need to be initialized to 0 first
HwErrVariableTotalSize/CommonVariableTotalSize/CommonUserVariableTotalSize
need to be initialized to 0 first after reclaim failed, then to be assigned by += operation.
Daryl McDaniel [Tue, 29 Dec 2015 02:53:10 +0000 (02:53 +0000)]
AppPkg/Applications/Python/Python-2.7.10/*/pyconfig.h: Update pyconfig for Python 2.7.10 compliance.
Add new constants required for Python 2.7.10.
Update package and help values.
Define networking constants so that the getaddrinfo, gethostbyname, and
getnameinfo functions are used from the sockets package.
Qiu Shumin [Fri, 25 Dec 2015 04:20:28 +0000 (04:20 +0000)]
ShellBinPkg: Ia32/X64 Shell binary update.
The binaries of ShellBinPkg are generated with ShellPkg project 19529. The binaries are built with no debug information by building with "RELEASE" target.
Qiu Shumin [Thu, 24 Dec 2015 08:14:51 +0000 (08:14 +0000)]
ShellPkg: Fix memory leak when running Shell script.
When we run following script in Shell:
"
for %a run (1 200)
echo %a
memmap
endfor
"
We may find memory leak in system. This patch free buffer in 'BufferToFreeList' to avoid this issue.
Michael Kinney [Thu, 24 Dec 2015 00:14:00 +0000 (00:14 +0000)]
UefiCpuPkg/PiSmmCpuDxeSmm: Initialize gSmst fields on S3 resume
Update S3 resume path to initialize the fields of gSmst before
the gSmst fields are used to complete initialization in S3 resume.
Cc: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19504 6f19259b-4bc3-4df7-8a09-765794883524
Michael Kinney [Thu, 24 Dec 2015 00:13:54 +0000 (00:13 +0000)]
UefiCpuPkg/PiSmmCpuDxeSmm: Correct CPUID leaf used to detect SMM mode
Use Bit 29 of CPUID leaf CPUID_EXTENDED_CPU_SIG (0x80000001) to
determine the SMM save state mode. The previous version of this
code used CPUID leaf CPUID_VERSION_INFO (0x00000001).
Cc: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19503 6f19259b-4bc3-4df7-8a09-765794883524
Michael Kinney [Thu, 24 Dec 2015 00:13:47 +0000 (00:13 +0000)]
UefiCpuPkg/PiSmmCpuDxeSmm: Fix failure when PcdCpuSmmDebug is TRUE
If PcdCpuSmmDebug is set to TRUE, then the first time the function
CpuSmmDebugEntry () is called during the first normal SMI, the
registers DR6 or DR7 may be set to invalid values due to gSmst
not being fully initialized yet. Instead, use gSmmCpuPrivate that
is fully initialized for the first SMI to look up CpuSaveState
for the currently executing CPU.
Cc: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19502 6f19259b-4bc3-4df7-8a09-765794883524